Kyle Brennan

OPSEC for OSINT: How to Investigate Without Getting Burned

You're researching someone. But who's researching you?

Operational security (OPSEC) isn't paranoia — it's professional hygiene. Whether you're a journalist, security researcher, or just privacy-conscious, here's how to conduct investigations without leaving a trail back to yourself.


The Golden Rules

  1. Assume you're being watched — act accordingly
  2. Separate identities completely — personal and research never mix
  3. Minimize your footprint — every click is a potential log entry
  4. Document everything — but store it securely

Browser Hygiene

Use Dedicated Browsers

Never research from your daily browser. Options:

  • Tor Browser: Maximum anonymity, slower speeds
  • Brave (Private Window + Tor): Balance of usability and privacy
  • Firefox (hardened): Configure with privacy extensions
  • Virtual machines: Complete isolation

Essential Extensions

  • uBlock Origin: Block trackers and ads
  • Privacy Badger: Learn and block invisible trackers
  • Cookie AutoDelete: Wipe cookies when tabs close
  • User-Agent Switcher: Mask the User-Agent part of your browser fingerprint

Browser Fingerprinting

Even without cookies, you're identifiable via:

  • Screen resolution
  • Installed fonts
  • Browser plugins
  • Hardware characteristics

Check yourself: https://amiunique.org


Network Security

VPN Basics

A VPN hides your IP but:

  • The VPN provider sees everything
  • Choose carefully — many log and sell data
  • Paid services are generally more trustworthy

Recommended: Mullvad, ProtonVPN, IVPN (no email required, accept cash/crypto)

When to Use Tor

  • Accessing sensitive content
  • Researching individuals who might monitor incoming traffic
  • Protecting source communications

Limitations:

  • Some sites block Tor
  • Slower speeds
  • Exit nodes can be compromised

Mobile OPSEC

Your phone is a tracking device. For sensitive research:

  • Use a dedicated burner device
  • No SIM (WiFi only)
  • VPN always on
  • Airplane mode when not in use

Account Separation

Research Accounts ("Sock Puppets")

Create dedicated accounts for investigation, and follow these rules:

  • Never access from your home IP
  • Use a unique email (ProtonMail, Tutanota)
  • Different username patterns than personal accounts
  • Aged accounts are more trustworthy (create in advance)
  • Never cross-contaminate (don't follow your real accounts)

Email Compartmentalization

  • Personal: Your real identity
  • Professional: Work-related
  • Research: OSINT investigations
  • Throwaway: One-time signups

Use email aliases (SimpleLogin, AnonAddy) to track who sells your data.


Device Security

Dedicated Research Machine

Ideal setup:

  • Used laptop (paid cash)
  • Fresh OS install (Linux preferred)
  • Full disk encryption
  • No personal accounts ever logged in

Virtual Machines

Run investigations in isolated VMs:

  • VirtualBox or VMware: Free options
  • Whonix: Pre-configured for anonymity
  • Tails: Amnesic system, leaves no traces

Snapshot before research, revert after.


Data Handling

Secure Storage

  • Encrypt everything: VeraCrypt, LUKS, BitLocker
  • Cloud storage: Only encrypted files, or use Tresorit/Proton Drive
  • Local backups: Encrypted external drives

Note-Taking

  • Obsidian (local): Markdown files you control
  • Standard Notes: Encrypted sync
  • Avoid Google Docs/Notion for sensitive research

Evidence Preservation

  • Screenshots with metadata (date, URL, method)
  • Archive.today for permanent records
  • Hash files to prove they haven't been modified
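
An added example, not part of the original post, of the evidence log these three points describe: each capture gets its date, URL, method and SHA-256 written to a hash-chained manifest, and verify() reports any file or log entry that changed afterwards. The manifest layout, file names and function names are assumptions of this example.

```python
import hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path
GENESIS = "0" * 64  # "previous hash" used by the first entry

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()  # fine for screenshot-sized files

def entry_hash(entry):
    # Hash every field except the entry's own hash, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def load(manifest):
    text = manifest.read_text() if manifest.exists() else ""
    return [json.loads(line) for line in text.splitlines() if line]

def record(manifest, path, url, method):
    """Append date, URL, method and SHA-256 for one captured file."""
    entries = load(manifest)
    entry = {"file": path.name, "sha256": sha256_file(path), "url": url, "method": method,
             "captured_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
             # Chain to the previous entry so edits or deletions in the log show up.
             "prev": entries[-1]["entry_hash"] if entries else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    with open(manifest, "a") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def verify(manifest, evidence_dir):
    """Return a list of problems; an empty list means nothing changed."""
    problems, prev = [], GENESIS
    for i, e in enumerate(load(manifest)):
        if e["prev"] != prev or e["entry_hash"] != entry_hash(e):
            problems.append(f"entry {i}: manifest chain broken")
        prev = e["entry_hash"]
        target = evidence_dir / e["file"]
        if not target.exists():
            problems.append(f"{e['file']}: missing")
        elif sha256_file(target) != e["sha256"]:
            problems.append(f"{e['file']}: modified since capture")
    return problems

if __name__ == "__main__":
    d = Path(tempfile.mkdtemp())  # constructed sample capture
    (d / "page.png").write_bytes(b"constructed screenshot bytes")
    record(d / "log.jsonl", d / "page.png", "https://example.com/profile", "browser screenshot")
    print(verify(d / "log.jsonl", d))
```

The chain cannot show that entries were removed from the end of the log, so keep a copy of the latest entry_hash somewhere separate from the evidence folder.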

Communication Security

Messaging

  • Signal: End-to-end encrypted, disappearing messages
  • Wire: No phone number required
  • Session: Decentralized, anonymous signup

Email

  • ProtonMail: Encrypted, Swiss jurisdiction
  • Tutanota: German alternative
  • Use PGP for extra security when needed

Physical OPSEC

Don't forget meatspace:

  • Public WiFi: Use for sensitive research (with VPN)
  • Webcam covers: Assume compromise
  • Screen privacy filters: Prevent shoulder surfing
  • Clean desk: Lock screens, secure documents

When Things Go Wrong

Incident Response

If you suspect you've been identified:

  1. Stop immediately — don't try to cover tracks
  2. Document what happened — screenshots, logs
  3. Assess the damage — what did they learn?
  4. Burn compromised accounts — don't reuse
  5. Learn and adapt — update your procedures

Checklist Before Any Investigation

  • [ ] VPN active
  • [ ] Dedicated browser/VM
  • [ ] No personal accounts logged in
  • [ ] Research accounts ready
  • [ ] Archive tools prepared
  • [ ] Notes system ready
  • [ ] Exit strategy planned

🔐 Join the Community

OPSEC is a skill that improves with practice and peer review.

CloudSINT Discord: https://discord.gg/8WP5VwSS

Share techniques, get feedback on your setup, and learn from investigators who take security seriously.


Part of the OSINT education series. Stay safe out there.
